I am trying to set up DHCP for my network interfaces. I tried to run DNSmasq on the node first, and assigning IP ranges based on the `vmbr` interface receiving the DHCP messages. However, it turns out the packets were NOT coming from the `vmbr` interface as expected when the CTs are in renewal phase. Instead, they come from either `fwbr` or `veth` interfaces, making it impossible to match to a specific range.

I then proceed to move it to a separated container, and allocated `10.0.1.0/24` range for it. Then I find out that ARP is not working (nothing works actually) whenever I tick the `Firewall` box on the container interface. If I untick it, network immediately recovers. If I tick it, it is immediately gone.

I have nothing set in the container Firewall, and the switch at the datacenter level and the container level are both OFF. I tapped on the `fwbr` interface for the container and saw the ARP message. There was no reply.

I have my node network set up as follows:
Code:
# This file is managed by Ansible. Do not edit manually.
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto ens15
iface ens15 inet static
        address <public ip>/28
        gateway <public gw>
        up /usr/sbin/iptables -t nat -A POSTROUTING -s '10.0.0.0/16' ! -d '10.0.0.0/16' -o ens15 -j SNAT --to <public ip>
        down /usr/sbin/iptables -t nat -D POSTROUTING -s '10.0.0.0/16' ! -d '10.0.0.0/16' -o ens15 -j SNAT --to <public ip>
        post-up /usr/sbin/iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down /usr/sbin/iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface ens15 inet6 static
        address <public /64>::/128
        gateway fe80::1

iface enx2e5d409424f4 inet manual

iface enp195s0 inet manual

iface enx7aedaccbe7be inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.0.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#Management Network

iface vmbr0 inet6 static
        address <public /56>01::/64

auto vmbr1
iface vmbr1 inet static
        address *.*.*.136/29
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#External Network

iface vmbr1 inet6 static
        address <public /64>::/64

auto vmbr2
iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-256
#VM Network Trunk

auto vmbr2.2
iface vmbr2.2 inet static
        address 10.0.2.1/24
#obsrv (Observability)

iface vmbr2.2 inet6 static
        address <public /56>02::/64

The container network looks like this:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet dhcp
        hostname $(hostname)

auto ep2
iface ep2 inet static
        address 10.0.2.2/24

iface ep2 inet6 static
        address <public /56>02::1/64

auto ext
iface ext inet static
        address *.*.*.137/29

iface ext inet6 static
        address <public /64>::1/64

auto mgmt
iface mgmt inet static
        address 10.0.1.2/24
        gateway 10.0.1.1

iface mgmt inet6 static
        address <public /56>01::1/64
        gateway <public /56>01::

The ARP is unable to resolve a MAC address for 10.0.1.1 when `mgmt` firewall is on (though `ext` always works):
Code:
# arp
? (*.*.*.136) at **:**:92:ad:**:** [ether] on ext
? (10.0.1.1) at <incomplete> on mgmt
When I turn off the Firewall for `mgmt`, it works:
Code:
# arp
static.136.*.*.*.clients.your-server.de (*.*.*.136) at **:**:92:ad:**:** [ether] on ext
? (10.0.1.1) at fe:56:f3:49:57:6e [ether] on mgmt
I am genuinely confused.
Proxmox VE version:
Code:
# pveversion --verbose
proxmox-ve: 8.4.0 (running kernel: 6.8.12-10-pve)
pve-manager: 8.4.1 (running version: 8.4.1/2a5fa54a8503f96d)
proxmox-kernel-helper: 8.1.1
proxmox-kernel-6.8.12-10-pve-signed: 6.8.12-10
proxmox-kernel-6.8: 6.8.12-10
proxmox-kernel-6.8.12-9-pve-signed: 6.8.12-9
ceph-fuse: 17.2.8-pve2
corosync: 3.1.9-pve1
criu: 3.17.1-2+deb12u1
dnsmasq: residual config
frr-pythontools: 10.2.2-1+pve1
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx11
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-5
libknet1: 1.30-pve2
libproxmox-acme-perl: 1.6.0
libproxmox-backup-qemu0: 1.5.1
libproxmox-rs-perl: 0.3.5
libpve-access-control: 8.2.2
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.1.0
libpve-cluster-perl: 8.1.0
libpve-common-perl: 8.3.1
libpve-guest-common-perl: 5.2.2
libpve-http-server-perl: 5.2.2
libpve-network-perl: 0.11.2
libpve-rs-perl: 0.9.4
libpve-storage-perl: 8.3.6
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.6.0-2
proxmox-backup-client: 3.4.1-1
proxmox-backup-file-restore: 3.4.1-1
proxmox-firewall: 0.7.1
proxmox-kernel-helper: 8.1.1
proxmox-mail-forward: 0.3.2
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.7
proxmox-widget-toolkit: 4.3.10
pve-cluster: 8.1.0
pve-container: 5.2.6
pve-docs: 8.4.0
pve-edk2-firmware: 4.2025.02-3
pve-esxi-import-tools: 0.7.4
pve-firewall: 5.1.1
pve-firmware: 3.15-3
pve-ha-manager: 4.0.7
pve-i18n: 3.4.2
pve-qemu-kvm: 9.2.0-5
pve-xtermjs: 5.5.0-2
qemu-server: 8.3.12
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.7-pve2
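
One way to narrow down where the ARP exchange described above stops, as an added example that is not part of the original post: capture `tcpdump -n arp` on every interface between the container and `vmbr0`, then compare which hops saw the request and which saw the reply. The VMID 100, net index 1, the `veth`/`fwbr`/`fwln`/`fwpr` names built from them, and the capture lines are constructed assumptions.

```python
import re

REQ = re.compile(r"ARP, Request who-has (\S+) ")
REP = re.compile(r"ARP, Reply (\S+) is-at ")

def firewall_path(vmid, idx, bridge):
    """Interfaces a frame crosses from container to node bridge when the
    Firewall box is ticked (assumed Proxmox per-guest naming)."""
    return [f"veth{vmid}i{idx}", f"fwbr{vmid}i{idx}", f"fwln{vmid}i{idx}",
            f"fwpr{vmid}p{idx}", bridge]

def arp_seen(lines, target_ip):
    """Return (request_seen, reply_seen) for target_ip in `tcpdump -n arp` text."""
    req = any(m.group(1) == target_ip for m in map(REQ.search, lines) if m)
    rep = any(m.group(1) == target_ip for m in map(REP.search, lines) if m)
    return req, rep

def locate_loss(path, captures, target_ip):
    """Walk the path container -> node and name the hop where ARP stops."""
    seen = [arp_seen(captures.get(ifc, []), target_ip) for ifc in path]
    for i, (req, _) in enumerate(seen):
        if not req:
            prev = path[i - 1] if i else "container"
            return f"request lost between {prev} and {path[i]}"
    # The request reached the node bridge; the reply travels the path in reverse.
    for i in range(len(path) - 1, -1, -1):
        if not seen[i][1]:
            src = path[i + 1] if i + 1 < len(path) else "node IP stack"
            return f"reply lost between {src} and {path[i]}"
    return "request and reply seen on every hop"

# Constructed sample: VMID 100, net1 (mgmt) on vmbr0; not captures from the post.
PATH = firewall_path(100, 1, "vmbr0")
REQ_LINE = "12:00:01.000100 ARP, Request who-has 10.0.1.1 tell 10.0.1.2, length 28"
REP_LINE = "12:00:01.000150 ARP, Reply 10.0.1.1 is-at fe:56:f3:49:57:6e, length 28"
CAPTURES = {ifc: [REQ_LINE] for ifc in PATH}
CAPTURES["vmbr0"].append(REP_LINE)

if __name__ == "__main__":
    print(" -> ".join(PATH))
    print(locate_loss(PATH, CAPTURES, "10.0.1.1"))
```

A reply that appears on the node bridge but not on the next hop toward the container points at filtering or connection tracking on the node side of the firewall bridge rather than at the container itself.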